fix: replace ansi-html with ansi-html-community to fix vulnerability

webpack-contrib / webpack-hot-middleware

Webpack hot reloading you can attach to your own server

MIT License

2.34k stars 296 forks source link

fix: replace ansi-html with ansi-html-community to fix vulnerability #413

Closed nttibbetts closed 3 years ago

nttibbetts commented 3 years ago

This PR contains a:

[x] bugfix
[ ] new feature
[ ] code refactor
[ ] test update
[ ] typo fix
[ ] metadata update

Motivation / Use-Case

This is a fix for the vulnerability reported in CVE-2021-23424 by replacing the ansi-html dependency with a fork of the project that has the suggested fix and resolves #412

linux-foundation-easycla[bot] commented 3 years ago

The committers are authorized under a signed CLA.

:white_check_mark: Nathan Tibbetts (adeeade4d0074e8ea0b48e95ab8942ed0c70afc7)

glenjamin commented 3 years ago

Released in 2.25.1 - thanks for the PR!